authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-04 09:25:31 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-04 12:04:52 +0200
commit84b5e9971c2335b28348039c051572d9eea79389 (patch)
tree197faa374608626a95ed7aac27592b4c528319ec /src
parentb010143e5e85664f999819f913021980f39fe474 (diff)
spki: combined all exported functions to a single set and get
This simplifies setting parameters for a particular key type, as well as getting them. The advantage is that they are set atomically, preventing an inadvertently half-filled structure. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/certtool-common.c17
-rw-r--r--src/certtool.c22
2 files changed, 20 insertions, 19 deletions
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 378d644eb2..6a7d983fd7 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1139,6 +1139,9 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo,
fprintf(outfile, "%s\n", cprint ? cprint : "Unknown");
if (key_type == GNUTLS_PK_RSA_PSS) {
+ gnutls_digest_algorithm_t dig;
+ unsigned int salt_size;
+
ret = gnutls_x509_privkey_get_spki(key, spki, 0);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
goto spki_skip;
@@ -1148,21 +1151,15 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo,
goto spki_skip;
}
- ret = gnutls_x509_spki_get_digest_algorithm(spki);
+ ret = gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size);
if (ret < 0) {
- fprintf(stderr, "spki_get_digest_algorithm: %s\n",
+ fprintf(stderr, "spki_get_rsa_pss_params: %s\n",
gnutls_strerror(ret));
} else {
fprintf(outfile, "\t\tHash Algorithm: %s\n",
- gnutls_digest_get_name(ret));
+ gnutls_digest_get_name(dig));
+ fprintf(outfile, "\t\tSalt Length: %d\n", salt_size);
}
-
- ret = gnutls_x509_spki_get_salt_size(spki);
- if (ret < 0) {
- fprintf(stderr, "spki_get_salt_size: %s\n",
- gnutls_strerror(ret));
- } else
- fprintf(outfile, "\t\tSalt Length: %d\n", ret);
}
spki_skip:
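Review bot: The added `fprintf(outfile, "\t\tSalt Length: %d\n", salt_size);` formats `salt_size` with `%d`, but the first hunk of this file declares it as `unsigned int`, so the specifier and the argument type disagree; use `fprintf(outfile, "\t\tSalt Length: %u\n", salt_size);`. The old code printed the signed `ret`, which is why `%d` was correct before this change. Since this output is what an operator reads to check a key's RSA-PSS parameters, a very large value would be shown as a negative number. privkey_info_int starts and ends outside the hunk.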
diff --git a/src/certtool.c b/src/certtool.c
index ffd51e76cd..7afbb8297e 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -197,10 +197,6 @@ generate_private_key_int(common_info_st * cinfo)
app_exit(1);
}
- if (HAVE_OPT(SALT_SIZE)) {
- gnutls_x509_spki_set_salt_size(spki, OPT_VALUE_SALT_SIZE);
- }
-
if (cinfo->seed_size > 0) {
kdata[kdata_size].type = GNUTLS_KEYGEN_SEED;
kdata[kdata_size].data = (void*)cinfo->seed;
@@ -219,13 +215,21 @@ generate_private_key_int(common_info_st * cinfo)
flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE;
}
- if (default_dig) {
- gnutls_x509_spki_set_digest_algorithm(spki, default_dig);
+ if (key_type == GNUTLS_PK_RSA_PSS && (default_dig || HAVE_OPT(SALT_SIZE))) {
+ unsigned salt_size;
- }
+ if (!default_dig) {
+ fprintf(stderr, "You must provide the hash algorithm and optionally the salt size for RSA-PSS\n");
+ app_exit(1);
+ }
+
+ if (HAVE_OPT(SALT_SIZE)) {
+ salt_size = OPT_VALUE_SALT_SIZE;
+ } else {
+ salt_size = gnutls_hash_get_len(default_dig);
+ }
- if (default_dig || HAVE_OPT(SALT_SIZE)) {
- gnutls_x509_spki_set_pk_algorithm(spki, key_type);
+ gnutls_x509_spki_set_rsa_pss_params(spki, default_dig, salt_size);
kdata[kdata_size].type = GNUTLS_KEYGEN_SPKI;
kdata[kdata_size].data = (void*)spki;